Okta Production Release 2016.26 began deployment on July 5. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.02 was pushed the second week of 2016. The week numbers follow the ISO Week Date convention.

Platform Release Notes

Important Notice for AD Integrations Using Federated Profiles

If your Okta Active Directory (AD) integration uses Federated Profiles, you should update to the latest GA version of the Okta AD agent. Beginning April 21, 2016, Okta automatically migrated all orgs that use the Federated Profiles option to the Okta enhanced AD integration, which requires agent version 3.0.8 or higher. If your Okta AD agent is earlier than version 3.0.8, following the migration your organization may experience inconsistent behavior, including loss of groups and group memberships.

Note: If you run multiple Okta AD agents, upgrade all agents on your domain servers to the same version. Running different versions of the AD agent can cause all of them to function at the level of your oldest agent.

What's New

Unless otherwise noted, these features are available for all organizations with release 2016.26.

We have improved the user experience by displaying messages to keep you on track where errors might occur:

A message displays in the Policy page when a new policy is created that does not contain any rules. A policy without rules cannot be successfully applied to users.

When a locked-out user uses an expired or used recovery link, a message displays that explains their error and provides options to obtain a new token.

The salesforce.com app in OAN now supports provisioning and SSO to your Salesforce Communities and Portal tenants. This new feature also adds support for Universal Directory for Salesforce Portal and Communities integrations. This is an Early Access (EA) feature; contact Okta Support to enable it.

We've improved the email we send to admins when new users are pushed to LDAP orgs. The email clarifies what admins need to do to allow new users to change their temporary password and successfully log in to Okta for the first time.

We've updated the list of synchronized Microsoft Office 365 (O365) attributes to ensure compatibility with the various O365 services.

Incremental Features Summary

There are no incremental features to announce this week.

Toolkit Update

We have upgraded the Okta JIRA Authenticator to version 2.0.2. This release fixes an issue where the JIRA On-Premise app 7.1.2 failed to redirect users to Okta for authentication. For installation and configuration instructions, see Using the JIRA On-Premises SAML App. To obtain the latest JIRA Authenticator, visit the Okta Downloads page. For the toolkit version history, see Current JIRA JAR Version History.

Browser Plugin Updates

The Okta plugin version 5.6.3 for Chrome, Firefox, Internet Explorer (IE), and Safari browsers is now Generally Available (GA). This release supports the HttpOnly flag, a security measure that provides additional protection against theft of session cookies.

We have updated the plugin for the Firefox, IE, and Safari browsers to version 5.6.4 for EA users. This release provides the following:

The updated Firefox plugin fixes an issue that prevented admins from configuring auto-installation of the Okta plugin on end-user computers.

Browser Support

On July 1, 2016 Okta will discontinue support for Microsoft IE 9 as well as all versions of Compatibility View that represent IE9. After that date, Okta Support will no longer investigate issues related to IE9. For more information about supported browsers, see Platforms, Browser, and OS Support.

Bug Fixes

Bug numbers ending with an H are hotfixes. Hotfixes are generally deployed after the initial release.

The following issues are fixed:

OKTA-79612 – The browser plugin offered to save passwords for apps that are not organization-managed, even though the org was configured to prevent save password banners.

OKTA-83336 – Duo factor re-enrollment failed in Okta when a user’s factor was deleted from the Duo app.

OKTA-90307 – The tooltip text for Okta Mobility Management (OMM) Passcode Policy’s Maximum failed attempts option stated that devices would be locked rather than wiped after the specified maximum number of attempts.

OKTA-91062H – Editing the group priority of the Licenses or Roles attributes failed in O365 app integrations with license-only provisioning type.

OKTA-92089 – Device Attributes were not updating because OMM-enrolled devices were not checking in with Okta.

App Integrations Fixes

The following SWA apps were not working correctly and are now fixed:

Canva (OKTA-92644)

Dataloader.io (OKTA-92646)

Fax87 (OKTA-92647)

Metrics That Matter (OKTA-92553)

Quartz (OKTA-92643)

The following SAML app was not working correctly and is now fixed:

Observable Networks (OKTA-93196)

Help Article Feedback

We’re sorry this article didn’t meet your needs. What specifically about the article was not helpful?